---
page_title: "cloudflare_zone_settings_override Resource - Cloudflare"
subcategory: ""
description: |-
  Provides a resource which customizes Cloudflare zone settings.
---

# cloudflare_zone_settings_override (Resource)

Provides a resource which customizes Cloudflare zone settings.

~> You **should not** use this resource to manage every zone setting. This
  resource is only intended to override those which you do not want the default.
  Attempting to manage all settings will result in problems with the resource
  applying in a consistent manner.

## Plan-Dependent Settings

Note that some settings are only available on certain plans. Setting an argument
for a feature that is not available on the plan configured for the zone will
result in an error:

```
Error: invalid zone setting "\<argument\>" (value: \<value\>) found - cannot be set as it is read only
```

This is true even when setting the argument to its default value. These values
should either be omitted or set to `null` for zones with plans that don't
support the feature. See the [plan feature matrices](https://www.cloudflare.com/plans/) for details on
feature support by plan.

## Example Usage

```terraform
resource "cloudflare_zone_settings_override" "test" {
  zone_id = d41d8cd98f00b204e9800998ecf8427e
  settings {
    brotli                   = "on"
    challenge_ttl            = 2700
    security_level           = "high"
    opportunistic_encryption = "on"
    automatic_https_rewrites = "on"
    mirage                   = "on"
    waf                      = "on"
    minify {
      css  = "on"
      js   = "off"
      html = "off"
    }
    security_header {
      enabled = true
    }
  }
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `zone_id` (String) The zone identifier to target for the resource. **Modifying this attribute will force creation of a new resource.**

### Optional

- `settings` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings))

### Read-Only

- `id` (String) The ID of this resource.
- `initial_settings` (List of Object) (see [below for nested schema](#nestedatt--initial_settings))
- `initial_settings_read_at` (String)
- `readonly_settings` (List of String)
- `zone_status` (String)
- `zone_type` (String)

<a id="nestedblock--settings"></a>
### Nested Schema for `settings`

Optional:

- `always_online` (String)
- `always_use_https` (String)
- `automatic_https_rewrites` (String)
- `binary_ast` (String)
- `brotli` (String)
- `browser_cache_ttl` (Number)
- `browser_check` (String)
- `cache_level` (String)
- `challenge_ttl` (Number)
- `ciphers` (List of String)
- `cname_flattening` (String)
- `development_mode` (String)
- `early_hints` (String)
- `email_obfuscation` (String)
- `filter_logs_to_cloudflare` (String)
- `fonts` (String)
- `h2_prioritization` (String)
- `hotlink_protection` (String)
- `http2` (String)
- `http3` (String)
- `image_resizing` (String)
- `ip_geolocation` (String)
- `ipv6` (String)
- `log_to_cloudflare` (String)
- `max_upload` (Number)
- `min_tls_version` (String)
- `minify` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--minify))
- `mirage` (String)
- `mobile_redirect` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--mobile_redirect))
- `opportunistic_encryption` (String)
- `opportunistic_onion` (String)
- `orange_to_orange` (String)
- `origin_error_page_pass_thru` (String)
- `origin_max_http_version` (String)
- `polish` (String)
- `prefetch_preload` (String)
- `privacy_pass` (String)
- `proxy_read_timeout` (String)
- `pseudo_ipv4` (String)
- `response_buffering` (String)
- `rocket_loader` (String)
- `security_header` (Block List, Max: 1) (see [below for nested schema](#nestedblock--settings--security_header))
- `security_level` (String)
- `server_side_exclude` (String)
- `sort_query_string_for_cache` (String)
- `ssl` (String)
- `tls_1_2_only` (String, Deprecated)
- `tls_1_3` (String)
- `tls_client_auth` (String)
- `true_client_ip_header` (String)
- `universal_ssl` (String)
- `visitor_ip` (String)
- `waf` (String)
- `webp` (String)
- `websockets` (String)
- `zero_rtt` (String)

<a id="nestedblock--settings--minify"></a>
### Nested Schema for `settings.minify`

Required:

- `css` (String)
- `html` (String)
- `js` (String)


<a id="nestedblock--settings--mobile_redirect"></a>
### Nested Schema for `settings.mobile_redirect`

Required:

- `mobile_subdomain` (String)
- `status` (String)
- `strip_uri` (Boolean)


<a id="nestedblock--settings--security_header"></a>
### Nested Schema for `settings.security_header`

Optional:

- `enabled` (Boolean)
- `include_subdomains` (Boolean)
- `max_age` (Number)
- `nosniff` (Boolean)
- `preload` (Boolean)



<a id="nestedatt--initial_settings"></a>
### Nested Schema for `initial_settings`

Read-Only:

- `always_online` (String)
- `always_use_https` (String)
- `automatic_https_rewrites` (String)
- `binary_ast` (String)
- `brotli` (String)
- `browser_cache_ttl` (Number)
- `browser_check` (String)
- `cache_level` (String)
- `challenge_ttl` (Number)
- `ciphers` (List of String)
- `cname_flattening` (String)
- `development_mode` (String)
- `early_hints` (String)
- `email_obfuscation` (String)
- `filter_logs_to_cloudflare` (String)
- `fonts` (String)
- `h2_prioritization` (String)
- `hotlink_protection` (String)
- `http2` (String)
- `http3` (String)
- `image_resizing` (String)
- `ip_geolocation` (String)
- `ipv6` (String)
- `log_to_cloudflare` (String)
- `max_upload` (Number)
- `min_tls_version` (String)
- `minify` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--minify))
- `mirage` (String)
- `mobile_redirect` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--mobile_redirect))
- `opportunistic_encryption` (String)
- `opportunistic_onion` (String)
- `orange_to_orange` (String)
- `origin_error_page_pass_thru` (String)
- `origin_max_http_version` (String)
- `polish` (String)
- `prefetch_preload` (String)
- `privacy_pass` (String)
- `proxy_read_timeout` (String)
- `pseudo_ipv4` (String)
- `response_buffering` (String)
- `rocket_loader` (String)
- `security_header` (List of Object) (see [below for nested schema](#nestedobjatt--initial_settings--security_header))
- `security_level` (String)
- `server_side_exclude` (String)
- `sort_query_string_for_cache` (String)
- `ssl` (String)
- `tls_1_2_only` (String)
- `tls_1_3` (String)
- `tls_client_auth` (String)
- `true_client_ip_header` (String)
- `universal_ssl` (String)
- `visitor_ip` (String)
- `waf` (String)
- `webp` (String)
- `websockets` (String)
- `zero_rtt` (String)

<a id="nestedobjatt--initial_settings--minify"></a>
### Nested Schema for `initial_settings.minify`

Read-Only:

- `css` (String)
- `html` (String)
- `js` (String)


<a id="nestedobjatt--initial_settings--mobile_redirect"></a>
### Nested Schema for `initial_settings.mobile_redirect`

Read-Only:

- `mobile_subdomain` (String)
- `status` (String)
- `strip_uri` (Boolean)


<a id="nestedobjatt--initial_settings--security_header"></a>
### Nested Schema for `initial_settings.security_header`

Read-Only:

- `enabled` (Boolean)
- `include_subdomains` (Boolean)
- `max_age` (Number)
- `nosniff` (Boolean)
- `preload` (Boolean)
